krb5 commit: Fix k5tls module for OpenSSL 3

Greg Hudson ghudson at mit.edu
Fri Jun 18 18:24:02 EDT 2021 

https://github.com/krb5/krb5/commit/aa9b4a2a64046afd2fab7cb49c346295874a5fb6
commit aa9b4a2a64046afd2fab7cb49c346295874a5fb6
Author: Robbie Harwood <rharwood at redhat.com>
Date:   Sat May 29 12:05:49 2021 -0400

    Fix k5tls module for OpenSSL 3
    
    Starting in OpenSSL 3, connection termination without a close_notify
    alert causes SSL_read() to return SSL_ERROR_SSL instead of
    SSL_ERROR_SYSCALL.  OpenSSL 3 also provides a new option
    SSL_OP_IGNORE_UNEXPECTED_EOF which allows an application to explicitly
    ignore possible truncation attacks and receive SSL_ERROR_ZERO_RETURN
    instead.
    
    Remove the call to SSL_CTX_get_options() since SSL_CTX_set_options()
    doesn't clear existing options.
    
    [ghudson at mit.edu: edited commit message and comment]

 src/plugins/tls/k5tls/openssl.c |   17 ++++++++++++++---
 1 files changed, 14 insertions(+), 3 deletions(-)

diff --git a/src/plugins/tls/k5tls/openssl.c b/src/plugins/tls/k5tls/openssl.c
index 76a43b3..99fda7f 100644
--- a/src/plugins/tls/k5tls/openssl.c
+++ b/src/plugins/tls/k5tls/openssl.c
@@ -433,7 +433,7 @@ setup(krb5_context context, SOCKET fd, const char *servername,
       char **anchors, k5_tls_handle *handle_out)
 {
     int e;
-    long options;
+    long options = SSL_OP_NO_SSLv2;
     SSL_CTX *ctx = NULL;
     SSL *ssl = NULL;
     k5_tls_handle handle = NULL;
@@ -448,8 +448,19 @@ setup(krb5_context context, SOCKET fd, const char *servername,
     ctx = SSL_CTX_new(SSLv23_client_method());
     if (ctx == NULL)
         goto error;
-    options = SSL_CTX_get_options(ctx);
-    SSL_CTX_set_options(ctx, options | SSL_OP_NO_SSLv2);
+
+#ifdef SSL_OP_IGNORE_UNEXPECTED_EOF
+    /*
+     * For OpenSSL 3 and later, mark close_notify alerts as optional.  We don't
+     * need to worry about truncation attacks because the protocols this module
+     * is used with (Kerberos and change-password) receive a single
+     * length-delimited message from the server.  For prior versions of OpenSSL
+     * we check for SSL_ERROR_SYSCALL when reading instead (this error changes
+     * to SSL_ERROR_SSL in OpenSSL 3).
+     */
+    options |= SSL_OP_IGNORE_UNEXPECTED_EOF;
+#endif
+    SSL_CTX_set_options(ctx, options);
 
     SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, verify_callback);
     X509_STORE_set_flags(SSL_CTX_get_cert_store(ctx), 0);

More information about the cvs-krb5 mailing list